TAK Server Docker Setup
This directory contains a unified Docker configuration for running TAK Server components.
Prerequisites
You must have the official TAK Server Docker release archive. The archive should be in ZIP format and contain both docker and tak folders.
Setup Instructions
- Build the Docker Image:
  docker build -t takserver .
- Run TAK Server:
  docker run -d --name takserver \
    -e TAK_MODE=server \
    -v /path/to/your/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro \
    takserver
- Run TAK Database:
  docker run -d --name takserver-db \
    -e TAK_MODE=database \
    -v /path/to/your/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro \
    takserver
- Alternative: Mount the archive directory (for automatic latest version detection):
  # Mount the directory containing TAK archives
  docker run -d --name takserver \
    -e TAK_MODE=server \
    -v /path/to/tak-archives-directory:/tak-archive:ro \
    takserver
How It Works
- Unified Image: One Docker image serves both TAK Server and Database functions
- Mode Selection: Use the TAK_MODE environment variable to choose between server (default) or database
- Runtime Extraction: The container checks for and extracts the TAK archive on startup
- Automatic Version Detection: If you mount a directory, the container will automatically find and use the latest TAK archive
- Flexibility: The same image can be used with different TAK archive versions
- Persistence: Once extracted, the TAK files persist in the container until it's removed
File Structure Expected
Your TAK Server archive should have this structure:
takserver-docker-5.4-RELEASE-19.zip
├── docker/                      # Docker-related files (not used)
└── tak/                         # TAK Server files (this is what gets copied)
    ├── configureInDocker.sh
    ├── db-utils/
    │   └── configureInDocker.sh
    └── ... (other TAK files)
Environment Variables
- TAK_MODE: Set to server (default) or database to determine the container's function
- TAK_ARCHIVE_PATH: Override the default TAK archive path (default: /tak-archive/takserver-docker-5.4-RELEASE-19.zip)
Usage Notes
- The TAK archive is mounted as read-only (ro) to prevent accidental modifications
- Server Mode: Starts automatically with the configureInDocker.sh init command
- Database Mode: Starts with the database configuration script
- Logs will be written to /opt/tak/logs/takserver.log in server mode
- The container will extract the TAK archive on first run and reuse the extracted files on subsequent runs
Data Persistence
To persist data across container restarts and updates, you should mount the following directories:
TAK Server Data Volumes:
- /opt/tak/logs - TAK Server logs
- /opt/tak/certs - SSL certificates and keys
- /opt/tak/conf - Configuration files
- /opt/tak/db-utils/pg_hba.conf - PostgreSQL authentication configuration
Database Data Volumes (when using TAK_MODE=database):
- /var/lib/postgresql/data - PostgreSQL database files
- /opt/tak/db-utils/logs - Database utility logs
Example with Data Persistence:
# TAK Server with persistent data
docker run -d --name takserver \
  -e TAK_MODE=server \
  -v /path/to/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro \
  -v takserver-logs:/opt/tak/logs \
  -v takserver-certs:/opt/tak/certs \
  -v takserver-config:/opt/tak/conf \
  takserver

# TAK Database with persistent data
docker run -d --name takserver-db \
  -e TAK_MODE=database \
  -v /path/to/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro \
  -v takserver-db-data:/var/lib/postgresql/data \
  -v takserver-db-logs:/opt/tak/db-utils/logs \
  takserver
Docker Compose Example
version: '3.8'
services:
  takserver-db:
    image: takserver
    environment:
      - TAK_MODE=database
    volumes:
      - /path/to/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro
      - takserver-db-data:/var/lib/postgresql/data
      - takserver-db-logs:/opt/tak/db-utils/logs
    container_name: takserver-db
  takserver:
    image: takserver
    environment:
      - TAK_MODE=server
    volumes:
      - /path/to/takserver-docker-5.4-RELEASE-19.zip:/tak-archive/takserver-docker-5.4-RELEASE-19.zip:ro
      - takserver-logs:/opt/tak/logs
      - takserver-certs:/opt/tak/certs
      - takserver-config:/opt/tak/conf
    container_name: takserver
    depends_on:
      - takserver-db
volumes:
  takserver-db-data:
  takserver-db-logs:
  takserver-logs:
  takserver-certs:
  takserver-config:
Reverse Proxy with Custom SSL Certificate
You can use a reverse proxy (like Nginx, Traefik, or Caddy) to terminate SSL with your own certificate instead of using TAK Server's built-in SSL. This is recommended for production deployments.
Benefits:
- Use your own SSL certificates (Let's Encrypt, corporate CA, etc.)
- Centralized certificate management
- Better security practices
- Easier certificate renewal
Basic Nginx Configuration Example:
upstream takserver {
    server takserver:8443;
}
server {
    listen 443 ssl http2;
    server_name your-domain.com;
    ssl_certificate /path/to/your/cert.pem;
    ssl_certificate_key /path/to/your/private.key;
    # SSL security settings
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;
    # Proxy to TAK Server
    location / {
        proxy_pass https://takserver;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Important for WebSocket connections
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        # SSL verification settings for upstream
        proxy_ssl_verify off;
        proxy_ssl_session_reuse on;
    }
}
Docker Compose with Nginx Reverse Proxy:
version: '3.8'
services:
  # ... your existing takserver and takserver-db services ...
  nginx:
    image: nginx:alpine
    ports:
      - "443:443"
      - "80:80"
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      - /path/to/your/ssl-certs:/etc/nginx/ssl:ro
    depends_on:
      - takserver
    networks:
      - takserver-network
Configuration Notes:
- Remove External Port Mapping: When using a reverse proxy, remove the port mappings from the takserver service in docker-compose.yml since the proxy will handle external access.
- Internal Communication: TAK Server will still use its internal SSL certificate for communication between the reverse proxy and the container.
- Certificate Management: Your reverse proxy handles the public-facing SSL certificate, while TAK Server's internal certificate is only used for proxy-to-container communication.
- WebSocket Support: Ensure your reverse proxy configuration supports WebSocket upgrades for real-time features.
- Security Headers: Consider adding security headers in your reverse proxy configuration for enhanced security.
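A hardened variant of the Nginx configuration above, as an added example (not part of the original README or the project's own configuration): it verifies TAK Server's internal certificate on the proxy-to-container hop instead of using proxy_ssl_verify off, and sets the security headers mentioned in the notes. The CA file /etc/nginx/ssl/tak-ca.pem and the certificate name takserver are assumptions; use the CA that issued your TAK Server certificate and the name that certificate carries.

```nginx
# Added example. Assumptions (not from the README):
#   /etc/nginx/ssl/tak-ca.pem  copy of the CA certificate that signed TAK
#                              Server's internal certificate
#   takserver                  name the internal certificate is issued for
upstream takserver {
    server takserver:8443;
}

server {
    listen 443 ssl http2;
    server_name your-domain.com;

    ssl_certificate     /path/to/your/cert.pem;
    ssl_certificate_key /path/to/your/private.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Security headers; "always" also sends them on error responses.
    # A location that sets its own add_header stops inheriting these.
    add_header Strict-Transport-Security "max-age=31536000" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "SAMEORIGIN" always;

    location / {
        proxy_pass https://takserver;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket upgrade
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Authenticate the upstream: chain must end at the trusted CA and
        # the certificate must match proxy_ssl_name.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/nginx/ssl/tak-ca.pem;
        proxy_ssl_verify_depth        2;
        proxy_ssl_name                takserver;
        proxy_ssl_server_name         on;
        proxy_ssl_protocols           TLSv1.2 TLSv1.3;
        proxy_ssl_session_reuse       on;
    }
}
```

If the upstream certificate does not chain to that CA or does not match proxy_ssl_name, nginx fails the upstream handshake and returns 502 instead of forwarding traffic.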
Alternative: Traefik with Automatic Let's Encrypt
For automatic SSL certificate management, consider using Traefik:
# Add labels to your takserver service
labels:
- "traefik.enable=true"
- "traefik.http.routers.takserver.rule=Host(`your-domain.com`)"
- "traefik.http.routers.takserver.tls.certresolver=letsencrypt"
- "traefik.http.services.takserver.loadbalancer.server.port=8443"
- "traefik.http.services.takserver.loadbalancer.server.scheme=https"